The vulnerability of the software for multifunctional measuring instruments used to measure parameters of electrical networks from Siemens SENTRON 7KT PAC1260 lies in the lack of measures to neutralize special elements, allowing a violator to execute arbitrary codes.

🗓️ 09 Apr 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Siemens SENTRON 7KT PAC1260 flaw enables remote root-level code execution via unneutralized elements.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-41790	8 Apr 202508:46	–	circl
CNNVD	Siemens SENTRON 7KT PAC1260 Data Manager 操作系统命令注入漏洞	8 Apr 202500:00	–	cnnvd
CNVD	Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07810)	18 Apr 202500:00	–	cnvd
CVE	CVE-2024-41790	8 Apr 202508:22	–	cve
Cvelist	CVE-2024-41790	8 Apr 202508:22	–	cvelist
EUVD	EUVD-2025-10327	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens products	8 Apr 202513:57	–	ncsc
NVD	CVE-2024-41790	8 Apr 202509:15	–	nvd
RedhatCVE	CVE-2024-41790	9 Jan 202608:34	–	redhatcve
Vulnrichment	CVE-2024-41790	8 Apr 202508:22	–	vulnrichment

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-187636.pdf
securityvulnerability	www.securityvulnerability.io/vulnerability/CVE-2024-41790
web	www.web.nvd.nist.gov/view/vuln/detail

09 Apr 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 29

CVSS 39.1

EPSS0.00749

Siemens Sentron Pac1260 device Remote code execution Root privileges Special elements